updated deps, showed that vmlocate works for vmp3 bins now, same with flatten and deobfuscate...

master
xerox 3 years ago
parent 8c2b96dd41
commit 5d30927614

2
deps/vmprofiler vendored

@ -1 +1 @@
Subproject commit 3061b00f0817cb70feda5e33db29a55b157ada30 Subproject commit cbac337a604bf234c45fdf4d00e44ae7cf37e274

@ -2,6 +2,8 @@
#include <fstream> #include <fstream>
#include <iostream> #include <iostream>
#include <thread> #include <thread>
#include <vmlocate.hpp>
#include "vmemu_t.hpp" #include "vmemu_t.hpp"
#define NUM_THREADS 20 #define NUM_THREADS 20
@ -116,17 +118,16 @@ int __cdecl main(int argc, const char* argv[]) {
std::strtoull(parser.get<std::string>("vmentry").c_str(), nullptr, 16); std::strtoull(parser.get<std::string>("vmentry").c_str(), nullptr, 16);
std::vector<vm::instrs::code_block_t> code_blocks; std::vector<vm::instrs::code_block_t> code_blocks;
vm::ctx_t vmctx(module_base, image_base, image_size, vm_entry_rva); vm::ctx_t vmctx{module_base, image_base, image_size, vm_entry_rva};
if (!vmctx.init()) { // testing flatten and deobfuscate on vmp3 vm enters...
std::printf( zydis_routine_t vm_entry;
"[!] failed to init vmctx... this can be for many reasons..." vm::util::flatten(vm_entry, module_base + vm_entry_rva);
" try validating your vm entry rva... make sure the binary is " vm::util::deobfuscate(vm_entry);
"unpacked and is" vm::util::print(vm_entry);
"protected with VMProtect 2...\n");
return -1;
}
vm::util::print(vmctx.vm_entry); // testing vmlocate port for vmp3...
const auto vm_entries = vm::locate::get_vm_entries(module_base, image_size);
std::printf("> number of vm entries = %d\n", vm_entries.size());
} }
} }
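Review bot: Nothing visible validates `vm_entry_rva` before `vm::util::flatten(vm_entry, module_base + vm_entry_rva)` reads from that address, now that the `vmctx.init()` failure path is removed; the value appears to come from `std::strtoull` on the `vmentry` argument, so a mistyped or malformed argument presumably sends the disassembler outside the mapped image. A guard such as `if (vm_entry_rva >= image_size) return -1;` ahead of the flatten call would restore a fail-closed path, which matters for a tool that is run against protected and possibly hostile binaries. Separately, `vm_entries.size()` is printed with `%d`, which is a format/argument mismatch for `size_t` on 64-bit builds and should be `%zu`. main begins outside the hunk, so a check that lives earlier in the function would not be visible here.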